Search Results

  • fog

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: “.fog” Renaming Convention: originalfilename.ext.fog (the malware simply appends “.fog” once to every encrypted object; it does NOT double-encrypt or change base file names) 2. Detection & Outbreak Timeline First appearance tracked by public sandboxes & ID-Ransomware submissions: 17 August 2022 First surge in…

  • fofd

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .fofd The malware appends the four-character suffix “.fofd” immediately after the original file extension (e.g., invoice.docx.fofd). Renaming Convention: No e-mail, no Tor URL, no victim-ID. It simply concatenates .fofd to every encrypted object on all local drives and mapped shares. Encrypted DLLs, EXEs,…

  • fmopq

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: FMOPQ Renaming Convention: Victim files are renamed in the following pattern: <OriginalName>.<OriginalExt>.fmopq (e.g., Project.xlsx → Project.xlsx.fmopq). No hexadecimal or email-based prefix/suffix is inserted, making FMOPQ easy to recognize in directory listings. 2. Detection & Outbreak Timeline Approximate Start Date/Period: First submissions to public…

  • fmoon

    Ransomware Intelligence Report Variant tracked by extension: .fmoon Technical Breakdown 1. File Extension & Renaming Patterns Confirmed extension: .fmoon (lower-case, no space, appended strictly after the last dot, original extension is NOT removed). Renaming convention: original_name.ext.fmoon → e.g. Quarterly-Report.xlsx.fmoon No e-mail address, victim-ID, or random hex string is inserted into the filename—this minimal style helps…

  • fmk-ta3-7ym

    Ransomware Brief – Extension “.fmk-ta3-7ym” Technical Breakdown 1. File Extension & Renaming Patterns Exact extension appended: .fmk-ta3-7ym (lower-case, 11 characters incl. two hyphens) Renaming convention observed: <original_name>.<original_ext>.id-<victim_ID>.[<attacker_mail>].fmk-ta3-7ym Example: Project.xlsx → Project.xlsx.id-9A1B2C3D.[[email protected]].fmk-ta3-7ym The “victim_ID” is an 8-hex-digit string generated from MAC address/SHA-1(SID+UUID). Some samples skip the e-mail bracket and simply append .{victim_ID}.fmk-ta3-7ym. 2. Detection…

  • fmfgmfgm

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Victims see every encrypted file suffixed with the literal string “.fmfgmfgm”. Renaming Convention: – Original file presentation.pptx becomes presentation.pptx.fmfgmfgm. – No prefix or middle-token changes; underscores, spaces, and internal dots are preserved. – The depth of the tree is honoured: every reachable share…

  • flyu

    flyu Ransomware – Community Threat Brief Technical Breakdown 1. File Extension & Renaming Patterns Confirmed extension: .flyu (lower-case, no second extension). Renaming convention: Original → <original file name>.id-<8-hex-chars>.[[email protected]].flyu Example: QuarterlyReport.xlsx → QuarterlyReport.id-A3F91B2C.[[email protected]].flyu – The ID is the victim fingerprint used by the decryptor. – E-mail address is sometimes [email protected] in later waves. 2. Detection & Outbreak Timeline…

  • flytech

    Fly-tech Ransomware – Community Resource v1.0 Last reviewed: June 2024 TECHNICAL BREAKDOWN 1. File-extension & Renaming Patterns Confirmed extension: .flytech (lower-case, no space) Renaming convention: Original: Project_Q2.xlsx → Encrypted: Project_Q2.xlsx.flytech No e-mail or ID-string is injected into the filename – the malware simply appends the solitary 8-byte extension, leaving directory names untouched. 2. Detection &…

  • flyper

    Technical Breakdown – Flyper Ransomware (*.flyper) 1. File Extension & Renaming Patterns Confirmation of File Extension: Every encrypted file is given the suffix .flyper. Renaming Convention: Plain file: Invoice_Jul2023.xlsx After attack: Invoice_Jul2023.xlsx.flyper No e-mail, victim-ID, or random string is inserted—only the single new extension is added, which keeps the original file name intact (useful when…

  • flux

    Ransomware Dossier – “FLUX” Variant Last updated: 2024-06-XX TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmation of File Extension: .flux (lower-case, no space, appended as a secondary extension; e.g. Annual_Report.xlsx.flux) Renaming Convention: – Original name is kept intact – nothing is scrambled or base-64 encoded. – The string ._FLUX plus a 6-digit victim-ID (regex…